What we do

The ultimate Real time Network Traffic Analysis & Active Cybersecurity Platform based on Big Data and Open Source

redborder Live: Cybersecurity as a Cloud service. Try our Free plan. Check out our options and features included.

Awesome visibility and protection of our IT network infrastructure.

Active Cybersecurity Next Generation IPS

NGIPS is a combination of technologies such as IDS/IPS, Traffic Analysis and SIEM (Security Information and Event Management) in a single system. Thanks to big data, the correlation between those technologies enhances the security, the visibility, and the management of any network.

Redborder is probably the best solution based on Open Source available on the market for managing IPS probes based on Snort, Suricata and Bro or our own redborder IPS probes. The management inherits all of our platform’s advantages based on Big-data, enabling larger scaling for large deployments on a global scale and applying administration to multi-tenant technology.

Available:
Appliance & Software versions.

Network Intrusion Detection System (NIDS)

Next Generation IDS systems look like firewalls in a lot of ways. But unlike a firewall, NGIDS systems are meant to detect and alert on potentially malicious activity coming from within the network, not from the outside. The NGIDS analyses the traffic by enabling promiscuous mode on the analysis port. Connected through its network interface to the mirror port on the switch, it can see all packets being passed and perform an analysis on the traffic.

NIDS Alerts

When a NIDS system detects something malicious, it logs the detection event along with a full packet capture of the malicious traffic. Then, depending on the severity of the event, it might send the alert by emailing a group, or create a ticket to follow up on, or it might page someone in the middle of the night if the event is determined to be of really high severity and urgent. These alerts include reference information linking to a known vulnerability, and the nature of the alert, to help the investigator look into the event.

Network Intrusion Prevention System (NIPS)

The NIPS is able to take action against suspected malicious traffic. Unlike a NIDS device, a NIPS not only monitors traffic, but can take action on the traffic it is monitoring, usually by blocking or dropping it. The detection of threats or malicious traffic is handled through signature-based detection. Signatures are unique characteristics of known malicious traffic. This allows an IDS/IPS to easily and quickly recognize known bad traffic from sources like botnets, worms, and other common attack vectors on the internet.

NIPS sensitivity

Similar to anti-virus, some less common targeted attacks might not be detected by a signature-based system, since there might not be signatures developed for these cases. So, it is also possible to create custom rules to match traffic that might be considered suspicious, but not necessarily malicious. This allows you to look into the traffic in more detail to determine how bad it is. If the traffic is found to be malicious, a signature can be developed from the traffic and incorporated into the system.

Network Traffic Analysis (NTA - Network Flow)

A network flow is basically a sequence of packets sent from a specific source to a specific unicast or multicast destination. Getting to know your network flow allows you to establish a baseline of what your typical network traffic looks like. Monitoring this traffic can be a very efficient tool to either prevent or troubleshoot issues (hardware or software) that might occur on your network.

Thanks to network flow monitoring, you gain the ability to analyse the traffic on your network in depth and in real time. This allows you to determine the origin point, the volume, and the path of each transfer of information on your network. Furthermore, monitoring your network traffic can be a very efficient tool to either prevent or troubleshoot issues (hardware or software) that might occur on your network.

Available:
Appliance & Software versions.

Application Monitoring into Network Traffic

Thanks to network flow monitoring you can set up a special combination of ports and protocols to define unlimited applications, and recognize this traffic exclusively in traffic reports (e.g. YouTube). It allows you to identify and classify non-standard applications that monopolize your network bandwidth and to apply policies to improve the performance of your network. Then, you can reconfigure strategies with a traffic shaping technique via the Access Control List (ACL) or a class-based strategy to master bandwidth-intensive applications.

Network Traffic Trends

Viewing trends in network traffic allows you to determine top applications and peak usage times. You can therefore adjust the hardware and software monitoring your network for the highest efficiency according to your needs. Thanks to network trend analysis you can also perform network audits and security analysis. These might help you detect a wide range of external and internal security threats and track network anomalies that escape the firewall or the IDS/IPS.

Bandwidth Monitoring

Get to know what is happening in your network in real time by identifying the top talkers and the conversations in your network. Determine which users and which applications are using the most bandwidth, and examine the conversation details closely. You can also configure instant granularity reports to get a real-time overview of network bandwidth. This allows you to zoom in on the details at the interface level to discover traffic trends and device performance.
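The port-and-protocol application definitions from "Application Monitoring into Network Traffic" and the top talkers and conversations described above can be computed from flow records as follows. This is an added example, not redborder code; the application names, port choices and flow records are constructed assumptions.

```python
from collections import defaultdict

# Application definitions as (protocol, destination port) combinations.
# Names and port choices are assumptions made for this example.
APP_DEFINITIONS = {
    "web-tls": {("tcp", 443), ("udp", 443)},
    "dns": {("tcp", 53), ("udp", 53)},
    "backup": {("tcp", 8443)},
}

# Constructed flow records: (source, destination, protocol, dst port, bytes).
FLOWS = [
    ("10.0.0.5", "192.0.2.10", "tcp", 443, 1_200_000),
    ("10.0.0.5", "192.0.2.53", "udp", 53, 4_000),
    ("10.0.0.7", "198.51.100.20", "tcp", 8443, 9_500_000),
    ("10.0.0.7", "192.0.2.10", "udp", 443, 300_000),
    ("10.0.0.9", "203.0.113.4", "tcp", 6881, 7_000_000),
    ("10.0.0.5", "192.0.2.10", "tcp", 443, 800_000),
]

def classify(proto, port):
    """Return the defined application for a protocol/port pair."""
    for app, combos in APP_DEFINITIONS.items():
        if (proto.lower(), port) in combos:
            return app
    return "unclassified"

def _ranked(totals, n):
    # Highest byte count first; ties broken by key for stable output.
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

def bytes_per_application(flows):
    totals = defaultdict(int)
    for _src, _dst, proto, port, nbytes in flows:
        totals[classify(proto, port)] += nbytes
    return dict(totals)

def top_talkers(flows, n=3):
    totals = defaultdict(int)
    for src, _dst, _proto, _port, nbytes in flows:
        totals[src] += nbytes
    return _ranked(totals, n)

def top_conversations(flows, n=3):
    totals = defaultdict(int)
    for src, dst, _proto, _port, nbytes in flows:
        totals[(src, dst)] += nbytes
    return _ranked(totals, n)
```

A large "unclassified" total, as produced by the constructed port 6881 flow here, is the cue to define a new application or review that host's traffic.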

Accounting and Device Management

Accounting monitoring allows you to keep records of what resources and services your users access or what they did when they were using your systems. A critical component of this is auditing, which involves reviewing these records to ensure that nothing is out of the ordinary. You can also use accounting data to enforce data or time quotas, limiting the duration of sessions or restricting the amount of data that can be sent or received by a specific user or group of users. Categorize devices and group them to get data into logical groups, and monitor traffic reports exclusively for a group.

YOUR PROBE, YOUR CHOICE.

Intrusion probes are devices that examine all packets going to your network and send that information to the IPS platform. Deploy thousands of probes through your network and configure them to look for the specific information you need.

THE MANAGEMENT PLATFORM.

The events generated by thousands of IPS/IDS probes reach a central point where they are collected, enriched, and stored by a real-time pipeline with scale-out capacity. Implement correlation rules with the other apps (Traffic, SIEM, Mobility, Monitor) and get full control of your network.

CONTEXTUALIZATION.

Data is enriched with context without alteration based on existing data fields. This improves the decision-making and understanding processes. Additional data can come from external sources such as geolocation or reputation feeds, but also from other Apps active in the platform.

Security Info & Event Management - SIEM

Redborder SIEM will collect, normalize, enrich, correlate, and store logs in a highly scalable, secure, and intelligent way such that the data is valuable both on its own and in cooperation with the other modules or Apps.

Redborder SIEM gives you all the information, alerts and automation necessary to be two steps ahead of online threats. Don’t know what a Traffic Analysis System is? Learn more about SIEM and Log Analysis.

Available:
Appliance & Software versions.

Your Probe, Your Choice

SIEM probes are sensors that examine all log information coming from your network devices and send that information to the redborder SIEM platform. Deploy thousands of probes through your network and configure them to look for the specific information you need.

The Management Platform

The events generated by thousands of SIEM probes reach a central point where they are collected, normalized, enriched, and stored by a real-time pipeline with scale-out capacity. Implement correlation rules with the other apps (Intrusion, Traffic, Mobility, Monitoring) and get full control of your network.

Contextualization

Data is enriched with context without alteration based on existing data fields. This improves the decision-making and understanding processes. Additional data can come from external sources such as geolocation or reputation feeds, but also from other Apps active in the platform.

Dashboards and Reports

Create and share outstanding dashboards that help you to visualise all logs from your network devices at a glance. Any view, with any filter applied, translates into a widget. Shape dashboards to prioritize information relevant to each target user. Create automatic reports the same way.

Wireless Traffic Analysis - Mobility

The redborder Mobility module introduces us to cyber-physical security. This module uses Wi-Fi and location information for elements of your network, such as Wireless LAN Controller devices, to show, among other things, valuable information on the movement of devices within our organization or network.

Know at all times the number of devices in your network, their fidelity, the length of time they stay, the quality of the signal, etc. Mobility will help you with social distancing, capacity control and space management. We are fully compatible with the main Wi-Fi AP manufacturers and integrate our technology with the Analytics and Location Engine (ALE) from Aruba or with the Cisco Mobility Services Engine (MSE), among others.

Available:
Appliance & Software versions.

Cyber Physical Security

The Mobility module helps us use our platform for cyber-physical security purposes. In addition to securing the data traffic that passes through the Wi-Fi points, we can manage the mobility of users, social distancing and the restriction of areas. These functions are completely up-to-date and necessary for optimal management of our spaces.

The Management Platform

The events generated by thousands of Wi-Fi access points reach a central point where they are collected, enriched, and stored by a real-time pipeline with scale-out capacity. Implement correlation rules with the other modules or apps (Intrusion, Traffic, Monitoring, SIEM) and get full control of your network.

Contextualization

Data is enriched with context without alteration based on existing data fields. This improves the decision-making and understanding processes. Additional data can come from external sources such as geolocation or reputation feeds, but also from other modules or Apps active in the redborder platform.

Your Probe, Your Choice

Wi-Fi probes are sensors that examine all Wi-Fi information (devices connected to the Wi-Fi, type of devices, bandwidth, etc.) from your network and send that information to the redborder Wi-Fi platform. Deploy thousands of probes through your network and configure them to look for the specific information you need.

POLICY CONTROL.

Managing Snort and Suricata events is not new to open source. What makes redborder Next Generation IPS unique is the combination of scale and enterprise-quality policy management in the same open source platform. This would make redborder stand on its own, but combined with the other applications the only limit is your imagination.

HIERARCHICAL POLICIES.

Devices are configured in a hierarchical structure that allows you to manage them as groups, with configuration and policies enforced downstream while maintaining local independence. This applies to all levels, including the probe itself, its segments, and the different networks.

POLICY WORKFLOW.

Policy management is a complex task. Create policy profiles with ease and apply them hierarchically to your devices. Rules can be searched, ordered, or categorized for simplicity. Any change can be recovered and is trackable. All deployments are controlled by you.

Hardware monitoring - Monitor

Monitoring deployed hardware through the SNMP protocol ensures preventive and active monitoring of our hardware devices.

Combining the Monitor module with the rest of the platform's active modules, we can expand our view of the status of the hardware units working in our network infrastructure. We can see the status of load, RAM, CPU and other information sent through SNMP.

Available:
Appliance & Software versions.

Hardware Monitoring

Monitor all the systems, devices, traffic, and applications in your IT infrastructure and stay ahead of IT infrastructure issues. In this way redborder, in correlation with the other active modules, has a correct preventive and active view of the hardware status of the network infrastructure.

Functionality

The monitor device sensor can be used to monitor any device with an IP address that supports SNMP, Redfish or IPMI. When creating or updating the monitor device sensor, the credentials for the corresponding protocols need to be defined.

Compatibility

We are compatible with different technologies such as SNMP, Redfish or IPMI. In this way we ensure correct data ingestion for different critical parameters like temperature, fan speed, power health, RAM status, load, etc.

Scalability

The whole platform is designed to scale horizontally, so we can manage thousands of units and the only bottleneck is your imagination. Just add new resources to the cluster and we will take care of everything on your behalf.

Correlation AI engine - Big Data & AI powered

The redborder Correlation Engine, powered by huge data ingestion and AI technology, offers a 360º view as a cybersecurity solution. We combine different data sources for a complete threat analysis, combining any rule and detecting anomalies and behaviours.

Redborder offers data enrichment with external intelligence sources combined with data mining, correlation and behavioral analytics. Gain practical insights from integrated data.

Available:
Appliance & Software versions.

Visibility

The correlation engine gives you the opportunity to see multiple correlated data from your network in customizable dashboards. Discover at a glance the bandwidth traffic, the devices in use, their mobility, the applications running, any unusual activity and a lot more information about your network. Set up as many probes as you want to get exactly the visibility granularity that you need.

Security

The Next Generation IPS platform allows you to manage a high-performance open source intrusion detection and prevention system. The correlation of the data from redborder IPS/IDS with redborder Flow (Traffic), SIEM (System Event & Security Information), and Wifi (Mobility) allows you to strengthen the security of your network. Thanks to redborder you get the most flexible and powerful way in the market to deploy and manage an intrusion detection and prevention system.

Scalability

The whole platform is designed to scale horizontally, so that the only bottleneck is your imagination. Just add new resources to the cluster and we will take care of everything on your behalf. The redborder platform can process millions of events per second from networks of any size in real time. Scale-out power for managing probes, network devices, analysis activity and users in a multi-tenant and cloud-ready infrastructure.

Adaptability

The redborder platform gives you the opportunity to use your own IDS/IPS, or your own Traffic Analysis System, or to use a mixed configuration (example: redborder platform + redborder Intrusion probe + your own Traffic Analysis System). Thanks to configurable high-performance probes, the platform collects data and normalizes it into a single code, then enriches and correlates it and shows you the result in personalized dashboards.

Redborder is an Open Source based, fully scalable Big Data development.